I was aware of the old technique of including a small hosted image in a message, thereby confirming the exact date and time a message has been opened and displayed by simply recording the time it was requested.

I've just found out about more dirty tricks though (eg, readnotify.com) which offers services such as time-bomb emails which self-delete at a preset time, messages which self-delete if you try to copy or print them, and tracking information which includes the following:

Date and time opened
Location of recipient (per their ISP city /town)
Map of location (available on paid subscriptions)
Recipients IP address
Apparent email address of opening (if available)
Referrer details (ie; if accessed via web mail etc)
URL clicks
How long the email was read for
How many times your email was opened
If your email was forwarded, or opened on a different computer

Obviously if we use Pocomail we will defeat anything that relies on client-side scripting, and if we block all images we will defeat the simple served-image thing, but is it possible for email to do things while on the server (like delete itself, or report back-to-base)?

I always thought that email was essentially a one-way system, but after reading some of the stuff on that site I'm a bit confused.

It doesn't really explain how it works, so I was hoping someone here could enlighten me?!

wortgames wrote: It doesn't really explain how it works, so I was hoping someone here could enlighten me?!

I'm highly suspicious that it's not explained on purpose.

Tested and it doesn't work with Pocomail. They couldn't find that I read that email. The email I received just had a standard notify header, which Poco of course doesn't acknowledge unless you specifically have it set up to do so, which 99% of the users don't have.

Besides that, they also offer you to include some banners in your message that ask the receiving party to acknowledge receipt manually.

I didn't investigate any of the advanced features, like PDF or Office document tracking or self-deleting emails, but I have no reason to believe this will be anything other than just another similar thing. Simple technology that is easily overcome by any sufficiently sophisticated computer user who has a reason to overcome it.

Pocomail or similar non-Outlook client coupled with a firewall and it's safe even for casual PC users.

This is interesting reading, but we need to look at the underlying mechanisms that they can use.

I've just found out about more dirty tricks though (eg, readnotify.com) which offers services such as time-bomb emails which self-delete at a preset time, messages which self-delete if you try to copy or print them, and tracking information which includes the following:

Date and time opened
Location of recipient (per their ISP city /town)
Map of location (available on paid subscriptions)
Recipients IP address
Apparent email address of opening (if available)
Referrer details (ie; if accessed via web mail etc)
URL clicks
How long the email was read for
How many times your email was opened
If your email was forwarded, or opened on a different computer

Tracking: you can track the delivery path of a message without ReadNotify provided the relay and recipient servers provide that information. You can do it from Outlook. But this only says when the message was delivered to the next link in the chain or to the final mail server. As far as I know, mail servers do not report back when you have opened/downloaded a message. BTW: they don't actually say what they track, which makes me suspicious (like Tomas).

ActiveTracker plugins which work with every e-mail client (even Poco I'll bet): this is I think a proxy just like outgoing AV checking that adds the necessary header requests for tracking as above.

WebMail plugin is integrated into IE and works with Yahoo and MSN. It doesn't seem to work with FF / Opera (etc).

Ensured / retractable mail has to be stored on their server. The giveaway is that you have to add readnotify.com to the end - this means that your e-mail client delivers the message to readnotify.com; not to your recipient. I would imagine that the end recipient then receives a link to the message on readnotify's server which probably opens the message in IE.

Block print / copy: I would imagine that this works the same way - when readnotify's server serves up the message to the client browser, it disables the copy and print facility in the browser window (although I struggle with the idea of sending someone a message that you don't want them to print...)

PDF tracking: "...provided you track the e-mail which contains your...PDF." Says it all really.

As for the other things, from what I understand about mail servers and clients, once the message has been delivered to you the sender can get no information about what you do with the message unless you let them - i.e. you allow a read receipt (I don't) or you allow the client to download that little image that says that you have read the message.

So to address the first question: how much can we block? The answer as I see it is "most of it". If the sender has used the readnotify servers then there isn't much that you can do about it (except refuse to follow the link that I assume you are sent - like I would if sent a link to somewhere else).
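The post above says a sender learns nothing after delivery unless the client cooperates, by honouring a read-receipt request or fetching a remote image. As an added example (not part of the original thread), this Python sketch lists the parts of a raw message that depend on that cooperation. The header names are the common receipt-request headers rather than anything quoted in the thread, and the sample message and `tracker.example` URL are constructed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Headers asking the recipient's client to send a read receipt.
# Disposition-Notification-To is the standard MDN request (RFC 8098);
# the other two are legacy, non-standard variants (assumed, not from the thread).
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To",
                   "X-Confirm-Reading-To")

class RemoteRefFinder(HTMLParser):
    """Collects HTML elements that only 'phone home' if the client renders them."""
    REMOTE_ATTRS = {"img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":  # client-side scripting
            self.findings.append(("script", a.get("src") or "inline"))
        url = a.get(self.REMOTE_ATTRS.get(tag, "")) or ""
        if url.lower().startswith(("http://", "https://", "//")):
            self.findings.append((f"remote-{tag}", url))  # fetched on display

def audit_message(raw):
    """Return (kind, detail) pairs for every tracking hook in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = [("receipt-request", f"{h}: {msg[h]}")
                for h in RECEIPT_HEADERS if msg[h]]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            findings.extend(finder.findings)
    return findings

# Constructed sample message, not a captured one.
SAMPLE = (
    "From: sender@example.com\nTo: reader@example.org\nSubject: Figures\n"
    "Disposition-Notification-To: sender@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset="utf-8"\n\nFigures attached.\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    "<html><body><p>Figures attached.</p>\n"
    '<img src="https://tracker.example/open.gif?id=abc123" width="1" height="1">\n'
    '<img src="cid:logo">\n<script>window.onload=function(){}</script>\n'
    "</body></html>\n--b1--\n"
)

if __name__ == "__main__":
    for kind, detail in audit_message(SAMPLE):
        print(f"{kind:16} {detail}")
```

The embedded `cid:` image is not reported because it travels inside the message; only the remote image, the inline script and the receipt header need the client to act.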

I'm sorry but I don't have any more insights than what I wrote above.
I only tested the basics, that's true, but the total lack of specific information (the price was probably as much specifics as they seemed to be open to reveal) made me not spend any more time there.

Frankly, their whole website seemed to me like they are only after my money.